This invention pertains to the field of thwarting attacks on digital computers caused by malicious computer code entering the computers via map-loaded modules.
Since this technical field is new, there are no known items of background art relevant to the problem solved by this invention.
The present invention is an apparatus, computer-implemented method, and computer-readable medium comprising a registry (10) containing mappings from generic map-loaded module names (4) to locations (5) of specific map-loaded modules (8). Coupled to the registry (10) is a registry monitor module (20) adapted to monitor attempts to replace existing mappings (5) of map-loaded modules (8) with replacement mappings (5). Coupled to the map-loaded modules (8) is a file system monitor module (70) adapted to monitor attempts to insert new map-loaded modules (8) into the computer (1). Coupled to the registry monitor module (20) and to the file system monitor module (70) is a programmable control module (30) adapted to determine that a change in mapping is deemed to constitute a malicious code attack when at least one pre-established rule (50) is satisfied.